A privilege is an application-specific access control element associated with a class and access role.
A privilege rule is an instance of a Rule-Access-Privilege rule type. A privilege name is the second key part of a privilege rule.
A privilege rule only names a privilege; it does not convey the privilege to anyone. To have access to a privilege, a requestor session must "hold," in the access role list, at least one of the access roles that grant access to the privilege. The association between access roles and privileges is defined by instances of the Rule-Access-Role-Obj rule type.
Using privilege rules in an application is optional, but they can offer finer control over access than access roles alone.
access role | |
About Access of Role to Object rules
About Privilege rules Privilege-Check method |
|
Atlas — Standard Privilege rules |